2019-05-29 05:21:06 -04:00
|
|
|
const crypto = require('crypto')
|
2020-10-01 04:30:26 -04:00
|
|
|
const { db } = require('../../infrastructure/mongodb')
|
2019-05-29 05:21:06 -04:00
|
|
|
const Errors = require('../Errors/Errors')
|
2023-10-19 07:38:17 -04:00
|
|
|
const { promisifyAll } = require('@overleaf/promise-utils')
|
2024-03-11 08:28:23 -04:00
|
|
|
const { callbackify } = require('util')
|
2019-05-29 05:21:06 -04:00
|
|
|
|
|
|
|
const ONE_HOUR_IN_S = 60 * 60
|
|
|
|
|
2024-03-11 08:28:23 -04:00
|
|
|
async function peekValueFromToken(use, token) {
|
|
|
|
const result = await db.tokens.findOneAndUpdate(
|
|
|
|
{
|
|
|
|
use,
|
|
|
|
token,
|
|
|
|
expiresAt: { $gt: new Date() },
|
|
|
|
usedAt: { $exists: false },
|
|
|
|
peekCount: { $not: { $gte: OneTimeTokenHandler.MAX_PEEKS } },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
$inc: { peekCount: 1 },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
returnDocument: 'after',
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
const tokenDoc = result.value
|
|
|
|
if (!tokenDoc) {
|
|
|
|
throw new Errors.NotFoundError('no token found')
|
|
|
|
}
|
|
|
|
// The allowed number of peaks will be 1 less than OneTimeTokenHandler.MAX_PEEKS
|
|
|
|
// since the updated doc is returned after findOneAndUpdate above
|
|
|
|
const remainingPeeks = OneTimeTokenHandler.MAX_PEEKS - tokenDoc.peekCount
|
|
|
|
|
|
|
|
return { data: tokenDoc.data, remainingPeeks }
|
|
|
|
}
|
|
|
|
|
2021-04-15 10:23:41 -04:00
|
|
|
const OneTimeTokenHandler = {
|
2022-09-27 07:24:17 -04:00
|
|
|
MAX_PEEKS: 4,
|
|
|
|
|
2019-05-29 05:21:06 -04:00
|
|
|
getNewToken(use, data, options, callback) {
|
|
|
|
// options is optional
|
2021-04-15 10:23:41 -04:00
|
|
|
if (!options) {
|
2019-05-29 05:21:06 -04:00
|
|
|
options = {}
|
|
|
|
}
|
|
|
|
if (typeof options === 'function') {
|
|
|
|
callback = options
|
|
|
|
options = {}
|
|
|
|
}
|
|
|
|
const expiresIn = options.expiresIn || ONE_HOUR_IN_S
|
|
|
|
const createdAt = new Date()
|
|
|
|
const expiresAt = new Date(createdAt.getTime() + expiresIn * 1000)
|
|
|
|
const token = crypto.randomBytes(32).toString('hex')
|
2021-04-15 10:23:41 -04:00
|
|
|
db.tokens.insertOne(
|
2019-05-29 05:21:06 -04:00
|
|
|
{
|
|
|
|
use,
|
|
|
|
token,
|
|
|
|
data,
|
|
|
|
createdAt,
|
2021-04-27 03:52:58 -04:00
|
|
|
expiresAt,
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
2021-04-14 09:17:21 -04:00
|
|
|
function (error) {
|
2021-04-15 10:23:41 -04:00
|
|
|
if (error) {
|
2019-05-29 05:21:06 -04:00
|
|
|
return callback(error)
|
|
|
|
}
|
2021-04-15 10:23:41 -04:00
|
|
|
callback(null, token)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
)
|
|
|
|
},
|
|
|
|
|
|
|
|
getValueFromTokenAndExpire(use, token, callback) {
|
|
|
|
const now = new Date()
|
2021-04-15 10:23:41 -04:00
|
|
|
db.tokens.findOneAndUpdate(
|
2019-05-29 05:21:06 -04:00
|
|
|
{
|
2020-10-01 04:30:26 -04:00
|
|
|
use,
|
|
|
|
token,
|
|
|
|
expiresAt: { $gt: now },
|
2021-04-27 03:52:58 -04:00
|
|
|
usedAt: { $exists: false },
|
2022-09-27 07:24:17 -04:00
|
|
|
peekCount: { $not: { $gte: OneTimeTokenHandler.MAX_PEEKS } },
|
2020-10-01 04:30:26 -04:00
|
|
|
},
|
|
|
|
{
|
|
|
|
$set: {
|
2021-04-27 03:52:58 -04:00
|
|
|
usedAt: now,
|
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
2021-04-14 09:17:21 -04:00
|
|
|
function (error, result) {
|
2021-04-15 10:23:41 -04:00
|
|
|
if (error) {
|
2019-05-29 05:21:06 -04:00
|
|
|
return callback(error)
|
|
|
|
}
|
2020-10-01 04:30:26 -04:00
|
|
|
const token = result.value
|
2021-04-15 10:23:41 -04:00
|
|
|
if (!token) {
|
2019-05-29 05:21:06 -04:00
|
|
|
return callback(new Errors.NotFoundError('no token found'))
|
|
|
|
}
|
2021-04-15 10:23:41 -04:00
|
|
|
callback(null, token.data)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
)
|
2021-04-27 03:52:58 -04:00
|
|
|
},
|
2022-09-27 07:24:17 -04:00
|
|
|
|
2024-03-11 08:28:23 -04:00
|
|
|
peekValueFromToken: callbackify(peekValueFromToken),
|
2022-09-27 07:24:17 -04:00
|
|
|
|
|
|
|
expireToken(use, token, callback) {
|
|
|
|
const now = new Date()
|
|
|
|
db.tokens.updateOne(
|
|
|
|
{
|
|
|
|
use,
|
|
|
|
token,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
$set: {
|
|
|
|
usedAt: now,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
error => {
|
|
|
|
callback(error)
|
|
|
|
}
|
|
|
|
)
|
|
|
|
},
|
2023-11-21 09:14:57 -05:00
|
|
|
|
|
|
|
expireAllTokensForUser(userId, use, callback) {
|
|
|
|
const now = new Date()
|
|
|
|
db.tokens.updateMany(
|
|
|
|
{
|
|
|
|
use,
|
|
|
|
'data.user_id': userId.toString(),
|
|
|
|
usedAt: { $exists: false },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
$set: {
|
|
|
|
usedAt: now,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
error => {
|
|
|
|
callback(error)
|
|
|
|
}
|
|
|
|
)
|
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2021-04-15 10:23:41 -04:00
|
|
|
|
|
|
|
OneTimeTokenHandler.promises = promisifyAll(OneTimeTokenHandler)
|
|
|
|
|
|
|
|
module.exports = OneTimeTokenHandler
|